<?php
include '../include/common.inc.php';
$checkerror="";
$seccode=isset($sec)?strtolower($sec):"";
$seccode1=  strtolower($help->authcode($_COOKIE['adminsec'],'DECODE'));
if(isset($submit)){
    if(!$username){
        $checkerror="用户名不能为空";
    }elseif(!$userpw){
        $checkerror="密码不能为空";
    }elseif($seccode!=$seccode1){
        $checkerror="验证码错误";       
    }else{
        $userpw=md5($userpw);
        $q=$db->fetch_first("select * from adminid where username='{$username}' and userpw='{$userpw}'");
        if(!$q){
            $checkerror="用户名或密码不正确";            
        }else{
            $adminid=isset($q["adminid"])?$q["adminid"]:0;
            if(!$adminid){
                $checkerror="用户名或密码错误。";
            }else{
                $mhelp=new Adminhelp();
                if(!$mhelp->mcreatesession($adminid)){
                    $checkerror="创建SESSION错误，无adminid";
                }  else {
                    $db->query("update adminid a set a.lastip=a.nowip where username='{$username}'");
                    $db->query("update adminid a set a.nowip='{$_SERVER["REMOTE_ADDR"]}'");
                    header("Location:".$C['SITE_URL']."/admin/index.php");
                }
            }
        }
        
    }
}
$tpl->assign("configs",$C);
$tpl->assign("checkerror",$checkerror);
$tpl->display("admin/login.html");
